Trojaner-Board


Crohero 26.11.2010 20:56

My PC shut itself down!
 
Hello everyone!
A few days ago I finally removed a mega trojan...
but that's not part of my question^^
So: I was playing Warrock^^ and suddenly my PC shut down!?!
I ran a HijackThis "scan".

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:51:00, on 26.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Users\vista\Desktop\brunc\Tastatur\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Users\vista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\vista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Users\vista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\vista\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\vista\Downloads\HiJackThis204.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof0.dll
R3 - URLSearchHook: M2Bar Toolbar - {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7} - C:\Program Files\M2Bar\tbM2Ba.dll
R3 - URLSearchHook: Messenger Plus Live Switzerland- DE Toolbar - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,*DISABLED*C:\Users\vista\AppData\Roaming\1JeOVxNclFKW.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: M2Bar Toolbar - {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7} - C:\Program Files\M2Bar\tbM2Ba.dll
O2 - BHO: Messenger Plus Live Switzerland- DE Toolbar - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof0.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof0.dll
O3 - Toolbar: M2Bar Toolbar - {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7} - C:\Program Files\M2Bar\tbM2Ba.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus Live Switzerland- DE Toolbar - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Program Files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Policies\Explorer\Run: [explorer] C:\Windows\system32\system32\explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Audio HD Driver] *DISABLED*C:\Users\vista\AppData\Local\Temp\1JeOVxNclFKW.exe
O4 - HKCU\..\Policies\Explorer\Run: [Audio HD Driver] *DISABLED*C:\Users\vista\AppData\Roaming\tMkzoPALXMVb.exe
O4 - Global Startup: Canon LBP-810-Statusfenster.LNK = C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: Logitech SetPoint.lnk = vista\Desktop\brunc\Tastatur\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c9f19f74fc5003) (gupdate1c9f19f74fc5003) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11658 bytes


Hopefully you'll find something!
Thanks in advance!

markusg 26.11.2010 21:05

I still doubt that you have removed it, so tell me exactly what you did.

OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.

Crohero 26.11.2010 21:12

Well, I simply ran the ESET online scanner in safe mode^^ it found 12 dropper.gen and so on^^ The virus killed my Task Manager, regedit.exe, everything^^ simply all .exe files^^

markusg 26.11.2010 21:13

then let's have the OTL reports

Crohero 26.11.2010 21:18

in a moment^^ I started the scan several times^^ kept forgetting to tick something^^

what do you think^^ what kind of virus could it be?

markusg 26.11.2010 21:19

I don't know yet...

Crohero 26.11.2010 21:20

how long does a scan like that take?

markusg 26.11.2010 21:22

until it's finished :d
maybe 20 minutes, it doesn't all go that fast.
I won't be online much longer today either

Crohero 26.11.2010 21:22

ugh -.- OTL keeps showing "not responding" ....

markusg 26.11.2010 21:35

how does it look if you don't paste in my stuff and just click "scan"?

Crohero 26.11.2010 21:37

normal? xD but hey^^ a good friend of mine just deleted something in regedit.exe via TeamViewer^^ he said they were 2 viruses and he has a lot of experience^^
One more thing^^ How do you become a regedit.exe pro? xD

Crohero 26.11.2010 21:38

The scan is here!

OTL Logfile:
Code:

OTL logfile created on: 26.11.2010 21:15:59 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\vista\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269.41 Gb Total Space | 147.88 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
Drive D: | 28.67 Gb Total Space | 20.37 Gb Free Space | 71.04% Space Free | Partition Type: FAT32
 
Computer Name: VISTA-PC | User Name: vista | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\vista\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\vista\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Users\vista\Desktop\brunc\Tastatur\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE (CANON INC.)
PRC - C:\Windows\System32\CAPRPCSK.EXE (CANON INC.)
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\vista\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) TuneUp Designerweiterung (beta) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe (SiSoftware)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (esihdrv) -- C:\Users\vista\AppData\Local\Temp\esihdrv.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (cpuz130) -- C:\Users\vista\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101124.002\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101126.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101126.003\NAVENG.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NAV\1108000.005\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1108000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1108000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1108000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1108000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NAV\1108000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1108000.005\SYMDS.SYS (Symantec Corporation)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\sandra.sys (SiSoftware)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (whfltr2k) -- C:\Windows\System32\drivers\whfltr2k.sys ()
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (RapidPort) -- C:\Windows\System32\drivers\CAPLPTN.SYS (CANON INC.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7} - C:\Programme\M2Bar\tbM2Ba.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {18c2d815-3a16-4493-9004-77949214a70e} - C:\Programme\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home Page Reset - Symantec Corp.
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home Page Reset - Symantec Corp.
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home Page Reset - Symantec Corp.
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home Page Reset - Symantec Corp.
 
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home Page Reset - Symantec Corp.
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Lifestyle, Unterhaltung, Reisen, News, Sport und vieles mehr auf msn.ch
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 9F 48 AE 2B E1 CA 01  [binary data]
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\URLSearchHook: {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7} - C:\Programme\M2Bar\tbM2Ba.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\URLSearchHook: {18c2d815-3a16-4493-9004-77949214a70e} - C:\Programme\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {18c2d815-3a16-4493-9004-77949214a70e}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..keyword.URL: "hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=UU7tZVGu&q="
 
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=nMBAvf7L&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010.08.08 18:28:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2010.11.21 14:18:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.30 18:19:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.30 18:19:23 | 000,000,000 | ---D | M]
 
[2010.05.23 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\mozilla\Extensions
[2010.05.23 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009.06.13 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.11.25 08:20:04 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\mozilla\Firefox\Profiles\i89abi7o.default\extensions
[2010.11.07 11:10:30 | 000,000,000 | ---D | M] (Messenger Plus Live Switzerland- DE Toolbar) -- C:\Users\vista\AppData\Roaming\mozilla\Firefox\Profiles\i89abi7o.default\extensions\{18c2d815-3a16-4493-9004-77949214a70e}
[2010.05.16 12:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\vista\AppData\Roaming\mozilla\Firefox\Profiles\i89abi7o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.01 20:19:58 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\vista\AppData\Roaming\mozilla\Firefox\Profiles\i89abi7o.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.09.24 19:41:29 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\vista\AppData\Roaming\mozilla\Firefox\Profiles\i89abi7o.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009.07.09 21:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vista\AppData\Roaming\mozilla\Firefox\Profiles\i89abi7o.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.10.06 17:03:36 | 000,000,894 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\FireFox\Profiles\i89abi7o.default\searchplugins\conduit.xml
[2009.06.13 15:48:21 | 000,001,632 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\FireFox\Profiles\i89abi7o.default\searchplugins\live-search.xml
[2010.11.21 14:21:55 | 000,000,743 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\FireFox\Profiles\i89abi7o.default\searchplugins\search-defender.xml
[2010.11.25 08:20:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.07 15:28:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.21 18:38:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.06 14:07:05 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.08.25 01:44:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.25 01:44:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.25 01:44:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.25 01:44:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.25 01:44:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.08 11:30:58 | 000,000,823 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (M2Bar Toolbar) - {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7} - C:\Programme\M2Bar\tbM2Ba.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Switzerland- DE Toolbar) - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Programme\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (M2Bar Toolbar) - {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7} - C:\Programme\M2Bar\tbM2Ba.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Switzerland- DE Toolbar) - {18c2d815-3a16-4493-9004-77949214a70e} - C:\Programme\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Programme\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: explorer = C:\Windows\system32\system32\explorer.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Audio HD Driver = *DISABLED*C:\Users\vista\AppData\Local\Temp\1JeOVxNclFKW.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Audio HD Driver = *DISABLED*C:\Users\vista\AppData\Roaming\tMkzoPALXMVb.exe
O7 - HKU\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (*DISABLED*C:\Users\vista\AppData\Roaming\1JeOVxNclFKW.exe) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{203bb7a4-5818-11de-91b7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{203bb7a4-5818-11de-91b7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E224335W-A1HK-HL0H-PUB7-150T1FA1D11Y} - C:\Windows\system32\install\driver32.exe Restart
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.26 21:10:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
[2010.11.26 19:35:33 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Local\GamersFirst LIVE!
[2010.11.26 18:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.11.24 21:29:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.11.24 21:29:41 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.11.24 21:29:41 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.11.23 18:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.11.23 18:05:40 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.11.21 14:18:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.11.21 14:18:05 | 001,865,680 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.11.21 14:18:05 | 000,739,280 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.11.21 14:12:01 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security
[2010.11.18 12:25:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.11.07 11:11:13 | 000,000,000 | ---D | C] -- C:\Users\vista\Documents\Verlauf
[2010.11.07 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010.11.07 11:10:32 | 000,000,000 | ---D | C] -- C:\Programme\Messenger_Plus_Live_Switzerland-_DE
[2010.11.07 11:10:21 | 000,000,000 | ---D | C] -- C:\Programme\Messenger Plus! Live
[2010.11.05 21:11:32 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.11.05 21:11:32 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.11.05 21:08:22 | 000,032,064 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.11.05 21:07:23 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Roaming\TuneUp Software
[2010.11.05 21:06:48 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011
[2010.11.05 21:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.11.05 21:05:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.11.05 20:56:44 | 000,000,000 | ---D | C] -- C:\Users\vista\Documents\Visual Studio 2010
[2010.11.05 20:54:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 10.0
[2010.11.05 20:54:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Help Viewer
[2010.11.04 15:14:42 | 000,000,000 | ---D | C] -- C:\Users\vista\Desktop\deutschnachhilfe
[2010.11.02 19:11:39 | 000,000,000 | ---D | C] -- C:\ATLAS
[2010.11.02 19:11:39 | 000,000,000 | ---D | C] -- C:\Windows\ASYM
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.26 21:19:05 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.26 21:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.26 21:08:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
[2010.11.26 20:43:50 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.26 20:43:50 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.26 20:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.26 20:20:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1056924294-3821404161-2646637732-1001UA.job
[2010.11.26 20:09:42 | 000,736,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.26 20:09:42 | 000,696,822 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.26 20:09:42 | 000,168,156 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.26 20:09:42 | 000,142,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.26 19:53:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.26 19:53:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.26 19:53:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.26 19:52:43 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.26 19:36:27 | 000,000,957 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.11.26 19:33:26 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.11.26 19:20:09 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1056924294-3821404161-2646637732-1001Core.job
[2010.11.26 19:09:52 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.11.25 21:43:15 | 004,733,837 | ---- | M] () -- C:\Users\vista\Desktop\YouTube        - dada ante portas - mexico.mp3
[2010.11.23 20:22:27 | 000,360,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.23 19:21:05 | 000,008,592 | ---- | M] () -- C:\Users\vista\AppData\Local\d3d9caps.dat
[2010.11.23 12:52:20 | 000,038,312 | ---- | M] () -- C:\Users\vista\Documents\cc_20101123_125209.reg
[2010.11.21 14:22:54 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.11.21 14:14:07 | 002,051,280 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010.11.18 11:00:49 | 000,192,000 | ---- | M] () -- C:\Users\vista\CVPSTROJIN.doc
[2010.11.16 20:41:44 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for vista.job
[2010.11.12 12:09:56 | 000,131,364 | ---- | M] () -- C:\Users\vista\Desktop\Gr1bDievierFaelle.tif
[2010.11.12 12:09:07 | 000,131,364 | ---- | M] () -- C:\Users\vista\Desktop\www.mittelschulvorbere...w-msvDE-Gr1bDievierFaelle.tif
[2010.11.08 20:20:48 | 000,002,084 | ---- | M] () -- C:\Users\vista\Desktop\Google Chrome.lnk
[2010.11.05 20:37:47 | 000,001,697 | ---- | M] () -- C:\WarRock.ini
[2010.11.02 19:11:57 | 000,000,138 | ---- | M] () -- C:\Windows\asym.ini
[2010.11.02 15:52:44 | 000,265,216 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Svchost.bat
[2010.11.02 00:03:02 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.11.01 23:59:07 | 002,381,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.11.01 23:57:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.31 12:34:38 | 000,034,304 | ---- | M] () -- C:\Users\vista\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.26 19:35:18 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.11.26 19:33:25 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.11.25 21:42:58 | 004,733,837 | ---- | C] () -- C:\Users\vista\Desktop\YouTube        - dada ante portas - mexico.mp3
[2010.11.23 20:21:54 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.23 12:52:12 | 000,038,312 | ---- | C] () -- C:\Users\vista\Documents\cc_20101123_125209.reg
[2010.11.21 14:18:07 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.11.21 14:18:06 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.11.21 14:18:06 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.11.21 14:18:05 | 000,002,074 | ---- | C] () -- C:\Windows\UDB.zip
[2010.11.21 14:18:05 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.11.21 14:13:33 | 002,051,280 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010.11.18 10:54:32 | 000,192,000 | ---- | C] () -- C:\Users\vista\CVPSTROJIN.doc
[2010.11.12 12:09:56 | 000,131,364 | ---- | C] () -- C:\Users\vista\Desktop\Gr1bDievierFaelle.tif
[2010.11.12 12:09:07 | 000,131,364 | ---- | C] () -- C:\Users\vista\Desktop\www.mittelschulvorbere...w-msvDE-Gr1bDievierFaelle.tif
[2010.11.05 18:05:23 | 000,265,216 | ---- | C] () -- C:\Users\vista\AppData\Roaming\Svchost.bat
[2010.11.05 18:02:21 | 000,001,697 | ---- | C] () -- C:\WarRock.ini
[2010.11.02 19:11:43 | 000,000,452 | ---- | C] () -- C:\Windows\TB50.INI
[2010.11.02 19:11:33 | 000,000,138 | ---- | C] () -- C:\Windows\asym.ini
[2010.09.10 17:13:05 | 000,000,451 | ---- | C] () -- C:\Users\vista\AppData\Roaming\Autorun.vbs
[2010.08.15 19:47:51 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.06 14:49:05 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.08.06 14:49:04 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.03.26 20:00:50 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.12.30 07:16:49 | 011,837,440 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009.12.11 21:16:50 | 000,000,000 | ---- | C] () -- C:\Users\vista\AppData\Roaming\Default.PLS
[2009.11.08 11:13:55 | 000,000,179 | ---- | C] () -- C:\Users\vista\AppData\Roaming\setup.log
[2009.11.08 11:13:52 | 000,000,760 | ---- | C] () -- C:\Users\vista\AppData\Roaming\setup_ldm.iss
[2009.11.06 20:40:04 | 000,000,335 | ---- | C] () -- C:\Windows\DesktopSchneeFree.ini
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.21 10:57:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.15 21:45:54 | 000,034,304 | ---- | C] () -- C:\Users\vista\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.13 18:18:13 | 000,000,552 | ---- | C] () -- C:\Users\vista\AppData\Local\d3d8caps.dat
[2009.06.13 16:04:18 | 000,000,000 | ---- | C] () -- C:\Users\vista\AppData\Roaming\wklnhst.dat
[2009.06.13 16:03:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.13 13:59:51 | 000,008,592 | ---- | C] () -- C:\Users\vista\AppData\Local\d3d9caps.dat
[2007.02.26 17:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 17:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 16:17:37 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 15:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 14:59:01 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI
[2007.02.09 14:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.01.25 23:45:02 | 000,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2005.09.24 17:42:52 | 000,043,039 | -H-- | C] () -- C:\Users\vista\AppData\Roaming\logs.dat
[2005.04.08 03:16:43 | 000,006,191 | -H-- | C] () -- C:\Users\vista\AppData\Roaming\vistalog.dat
 
========== LOP Check ==========
 
[2009.12.30 07:03:11 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\ASCOMP Software
[2010.10.24 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Bilder
[2009.11.07 21:09:22 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Canon
[2009.12.09 21:01:46 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Dev-Cpp
[2010.10.24 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\DNA
[2010.03.07 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Information Factory
[2010.05.15 23:03:32 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\LimeWire
[2009.06.15 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\MAGIX
[2009.11.23 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nvu
[2010.08.07 16:32:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\PCToolsFirewallPlus
[2010.04.24 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Screaming Bee
[2010.08.07 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Spam Monitor
[2010.11.19 20:07:09 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Sysutils_Update
[2010.11.23 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\TeamViewer
[2009.08.31 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Template
[2010.08.07 18:03:50 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Tific
[2010.11.05 21:20:24 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\TuneUp Software
[2009.06.14 13:44:41 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Uniblue
[2010.11.09 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\uTorrent
[2009.06.14 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Xilisoft Corporation
[2010.09.23 07:40:51 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.11.26 19:50:55 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.21 17:23:19 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Adobe
[2009.12.13 15:38:00 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Ahead
[2010.07.04 06:34:53 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Apple Computer
[2009.12.30 07:03:11 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\ASCOMP Software
[2010.10.24 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Bilder
[2009.11.07 21:09:22 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Canon
[2009.12.11 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\CyberLink
[2009.12.09 21:01:46 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Dev-Cpp
[2010.10.24 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\DNA
[2009.09.14 17:17:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Google
[2009.12.29 09:37:39 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Hamachi
[2009.06.13 14:00:07 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Identities
[2010.03.07 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Information Factory
[2009.08.14 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\InstallShield
[2010.05.15 23:03:32 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\LimeWire
[2009.11.07 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Logitech
[2009.06.13 14:46:09 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Macromedia
[2009.06.15 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\MAGIX
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Media Center Programs
[2010.11.05 20:56:42 | 000,000,000 | --SD | M] -- C:\Users\vista\AppData\Roaming\Microsoft
[2009.06.13 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla
[2009.11.23 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Nvu
[2010.08.07 16:32:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\PCToolsFirewallPlus
[2010.04.24 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Screaming Bee
[2010.10.10 19:40:08 | 000,000,000 | RH-D | M] -- C:\Users\vista\AppData\Roaming\SecuROM
[2010.11.21 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Skype
[2010.08.07 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Spam Monitor
[2010.11.19 20:07:09 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Sysutils_Update
[2010.05.24 19:04:33 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\teamspeak2
[2010.11.23 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\TeamViewer
[2009.08.31 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Template
[2010.08.07 18:03:50 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Tific
[2010.11.12 13:23:38 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Tor
[2010.11.05 21:20:24 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\TuneUp Software
[2009.06.14 13:44:41 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Uniblue
[2010.11.09 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\uTorrent
[2010.11.12 13:23:38 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Vidalia
[2009.09.01 07:46:34 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\WinRAR
[2010.04.11 19:42:14 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Xfire
[2009.06.14 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Xilisoft Corporation
 
< %APPDATA%\*.exe /s >
[2009.06.13 17:04:56 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2009.06.13 17:04:58 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2009.06.13 17:04:58 | 000,014,848 | ---- | M] () -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2009.06.13 17:04:58 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.06.13 17:04:58 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2009.06.13 17:04:58 | 000,018,432 | ---- | M] () -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.06.13 17:04:58 | 000,014,336 | ---- | M] () -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2009.06.13 17:04:58 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.06.13 17:04:58 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\vista\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2010.01.09 19:03:11 | 000,010,134 | R--- | M] () -- C:\Users\vista\AppData\Roaming\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
[2009.10.23 15:23:08 | 000,010,134 | R--- | M] () -- C:\Users\vista\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\Foren.exe
[2009.10.23 15:23:08 | 000,000,766 | R--- | M] () -- C:\Users\vista\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\htmledit.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2010.06.14 07:08:52 | 000,265,896 | ---- | M] () -- C:\ranger.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.06.13 19:57:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.06.13 19:57:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.06.13 19:57:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.06.19 15:39:56 | 000,004,608 | ---- | M] () MD5=32626037A4FDF730FD9D73A5C9E22BB8 -- C:\Users\vista\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v34275733\Native\STUBEXE\@WINDIR@\explorer.exe
[2009.06.13 19:56:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.06.13 19:56:04 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.06.13 19:56:03 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.06.13 20:19:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.06.13 20:19:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.06.13 19:56:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.06.13 19:07:50 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.06.13 19:07:50 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5160F090

< End of report >

--- --- ---

Crohero 26.11.2010 21:39

The second one.
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 26.11.2010 21:15:59 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\vista\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269.41 Gb Total Space | 147.88 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
Drive D: | 28.67 Gb Total Space | 20.37 Gb Free Space | 71.04% Space Free | Partition Type: FAT32
 
Computer Name: VISTA-PC | User Name: vista | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\vista\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23498318-BFB6-44D7-844B-7E3B34ABC4EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4A95BF74-7709-4455-A304-ABA95A323A85}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe |
"{A086E35C-DBF2-476F-B710-EDA951E7020D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe |
"{AB60A80A-CFFD-4A2C-95E2-2554BD1FD8BF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\rpcagentsrv.exe |
"{C63BE1F5-2C89-486C-98F9-10415DA38DFE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe |
"{D6ED1996-4896-4650-A8BE-AED173389E53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBA3EEB6-2E97-4EB0-926C-962D55FAAE9A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055A3D0F-B69E-4B09-A846-BCD82D1462C8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe |
"{12A24104-7124-40AA-90B4-FFA84926F4C5}" = protocol=6 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe |
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe |
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{387CDA8F-4F66-4845-B919-C6350DFEE6E5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{3CD66882-3F15-4D0F-B5F5-1067DF3D840C}" = protocol=17 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe |
"{3CEE2556-8991-4910-B17E-44E370FC0C42}" = dir=in | app=c:\users\vista\desktop\phone\skype.exe |
"{42F58567-079B-455A-BEFA-A019219CB4A6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4FE9C2A5-F1EF-4940-8552-250B3D8C73E9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56994438-E3DE-4B22-895D-16FA8B3928ED}" = protocol=17 | dir=in | app=c:\users\vista\downloads\stuff\utorrent.exe |
"{615506A5-1B0E-4174-A51C-E6B6518EE81C}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe |
"{69F9424D-5AB3-4217-9DCC-4C537D887162}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe |
"{82BBA51D-CB62-4D36-9289-05D24626CD77}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{9C9871D4-519E-44DD-A332-035BF9BE21FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F6A4A29-8144-428E-9969-CF820B57865D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A05318B1-5D4B-4083-AE34-43DE2F503201}" = protocol=6 | dir=in | app=c:\users\vista\downloads\stuff\utorrent.exe |
"{A4FE63AC-0CA5-4A3F-B6D3-883CB32E431C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ACDE91B8-F3BB-46E4-9BAF-749F6B0711D7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B0C3989D-8386-47B6-900F-F565FA0B416C}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\rpcagentsrv.exe |
"{B2A574E6-A0B3-47D6-B072-CDDA9C3244CF}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe |
"{B6B514A2-AB36-4DB5-A305-6161B3E38F7C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\cappswk.exe |
"{C340C78E-EC79-485B-BA49-704216989664}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe |
"{C8BD36E8-994E-4701-A069-B147A907CF65}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CBC1B7B3-03B9-4D86-AE26-D9F5B6AAF2A3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CF450618-9A8A-4772-BDE6-DB41AA8BF6BD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\cappswk.exe |
"{EBFAF33D-3483-4988-841B-557873EACA53}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"TCP Query User{08A8D357-5F12-48E7-AD77-A459A9E4DBC5}C:\users\vista\appdata\local\temp\rar$ex17.0247\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex17.0247\trazymt2\mc.exe |
"TCP Query User{092C025D-D8DD-4E95-B754-239F93CE6E47}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{0963B025-C42E-4AB4-9BAA-650E8A63BF16}C:\users\vista\appdata\local\temp\rar$ex01.100\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.100\trazymt2\mc.exe |
"TCP Query User{0CB7B0B5-6FB8-4610-8029-6299A7233124}C:\users\vista\downloads\stuff\utorrent.exe" = protocol=6 | dir=in | app=c:\users\vista\downloads\stuff\utorrent.exe |
"TCP Query User{1024F995-4623-46DA-9BF5-66188D1367EE}C:\users\vista\appdata\local\temp\rar$ex02.159\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex02.159\trazymt2\mc.exe |
"TCP Query User{10FE9AB4-909D-4907-814E-8C6CCA2F885D}C:\users\vista\desktop\brunc\metin2 neu\metin2.bin" = protocol=6 | dir=in | app=c:\users\vista\desktop\brunc\metin2 neu\metin2.bin |
"TCP Query User{11738D62-52A2-4A55-9857-F48F46C91381}C:\users\vista\appdata\local\temp\rar$ex00.894\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.894\trazymt2\mc.exe |
"TCP Query User{1BE94B65-022D-4920-86A6-8430B1394BA2}C:\users\vista\appdata\local\temp\rar$ex00.954\trazymt2\xtreamyt2.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.954\trazymt2\xtreamyt2.exe |
"TCP Query User{1C4ED0BD-4919-4DB8-B892-523DC6F97C7B}C:\users\vista\appdata\local\temp\rar$ex00.802\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.802\trazymt2\mc.exe |
"TCP Query User{1C90B80B-6B1D-4AC9-9C93-56D4C8394DCD}C:\users\vista\appdata\local\temp\rar$ex00.037\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.037\trazymt2\mc.exe |
"TCP Query User{2E0F2EAB-EB22-446F-8539-1FFF4D7C23BA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{30678671-314F-4F7B-B8AF-BD34ADFCB167}C:\users\vista\appdata\local\temp\rar$ex00.112\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.112\trazymt2\mc.exe |
"TCP Query User{323AD9B9-A247-498F-BA6D-6EB21AFE4F97}C:\users\vista\appdata\local\temp\rar$ex01.123\trazymt2\metin2.bin" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.123\trazymt2\metin2.bin |
"TCP Query User{32A95DCE-B492-459F-80EB-0B7669BFF9BE}C:\users\vista\appdata\local\temp\rar$ex05.317\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex05.317\trazymt2\mc.exe |
"TCP Query User{33F947BF-DF7F-4308-B5BF-5413D8D6D16F}C:\users\vista\desktop\brunc\metin2 neu\metin2client.bin" = protocol=6 | dir=in | app=c:\users\vista\desktop\brunc\metin2 neu\metin2client.bin |
"TCP Query User{35ED3AF9-75A5-4A02-9889-53F1FCC5E163}C:\users\vista\appdata\local\temp\rar$ex00.769\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.769\trazymt2\mc.exe |
"TCP Query User{3AAF9EFA-50F4-4DFD-A81A-43FA3578872C}C:\users\vista\appdata\local\temp\rar$ex01.597\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.597\trazymt2\mc.exe |
"TCP Query User{3C83CE50-9DB8-4FCD-A1E9-B271760A0C9C}C:\users\vista\appdata\local\temp\rar$ex79.217\trazymt2\metin2.bin" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex79.217\trazymt2\metin2.bin |
"TCP Query User{3CE08BB7-FB40-45FF-BAEB-E27F64F56991}C:\users\vista\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\vista\program files\dna\btdna.exe |
"TCP Query User{3D140E47-12C0-4545-9C06-112954AD59F2}C:\users\vista\desktop\brunc\metin2 neu\metin2client.bin" = protocol=6 | dir=in | app=c:\users\vista\desktop\brunc\metin2 neu\metin2client.bin |
"TCP Query User{3D68CED7-B86E-475A-B304-4550DAC6A009}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{436189E8-7CEA-4FED-9307-03C56944BE45}C:\users\vista\appdata\local\temp\rar$ex38.9758\trazymt2\xtreamyt2.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex38.9758\trazymt2\xtreamyt2.exe |
"TCP Query User{4992759C-6DE4-4BDA-B11D-E0F1C4BEC1E2}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{4AD8F5A5-BF40-4849-BC9E-0F43286CFF45}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4C8D25F4-CA9F-4C20-B18B-755D3C71733F}C:\users\vista\appdata\local\temp\rar$ex00.954\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.954\trazymt2\mc.exe |
"TCP Query User{57BD80C9-7041-4623-84E2-8A69B2F7770A}C:\users\vista\appdata\local\temp\rar$ex29.0593\trazymt2\xtreamyt2.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex29.0593\trazymt2\xtreamyt2.exe |
"TCP Query User{5A4D165D-CACA-4BF1-AC28-84B3098CF310}C:\users\vista\appdata\local\temp\rar$ex32.322\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex32.322\trazymt2\mc.exe |
"TCP Query User{5B050610-7D5A-462F-96E8-17F4190C4AF2}C:\users\vista\desktop\brunc\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\users\vista\desktop\brunc\xfire\xfire.exe |
"TCP Query User{5BE5B48C-A23E-4484-9230-6BA139DD33CF}C:\users\vista\appdata\local\temp\rar$ex09.236\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex09.236\trazymt2\mc.exe |
"TCP Query User{5CE36AE7-D43E-4D60-8830-AAA92F37D5AF}C:\users\vista\appdata\local\temp\rar$ex81.7271\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex81.7271\trazymt2\mc.exe |
"TCP Query User{66EB78A1-A213-4CF7-9742-DDC661D5EEC6}C:\users\vista\appdata\local\temp\rar$ex01.799\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.799\trazymt2\mc.exe |
"TCP Query User{6F5E1128-FCA1-44F5-A673-5C4F924B6D96}C:\users\vista\appdata\local\temp\rar$ex73.979\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex73.979\trazymt2\mc.exe |
"TCP Query User{6FAE9CCB-A82A-4384-A27E-54FFB3AB9568}C:\users\vista\appdata\local\temp\rar$ex00.646\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.646\trazymt2\mc.exe |
"TCP Query User{72337739-B3BA-445F-BEEF-AD0E13B61B8C}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{774F8A18-03C7-45B6-BE64-B11DE5BBC6C9}C:\users\vista\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\vista\program files\dna\btdna.exe |
"TCP Query User{7DC06CCE-CF17-4140-8701-A968715B799B}C:\users\vista\appdata\local\temp\rar$ex01.744\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.744\trazymt2\mc.exe |
"TCP Query User{7F95A8F7-EB82-43C0-A7F8-3DA3818B3CF4}C:\users\vista\appdata\local\temp\rar$ex46.730\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex46.730\trazymt2\mc.exe |
"TCP Query User{81ACE64E-624C-489D-A3DE-42BFAA7290E7}C:\users\vista\appdata\local\temp\rar$ex00.469\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.469\trazymt2\mc.exe |
"TCP Query User{8908476B-190D-493D-BFC3-820448EB8F9B}C:\users\vista\appdata\local\temp\rar$ex00.583\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.583\trazymt2\mc.exe |
"TCP Query User{8933A25A-C8DE-47F3-BC64-9F09375D2EA6}C:\users\vista\desktop\pserver\hmachi\hamachi.exe" = protocol=6 | dir=in | app=c:\users\vista\desktop\pserver\hmachi\hamachi.exe |
"TCP Query User{8B537BF2-08E2-4D98-9DF2-C7A3A9D36A48}C:\users\vista\desktop\brunc\metin2 neu\metin2.bin" = protocol=6 | dir=in | app=c:\users\vista\desktop\brunc\metin2 neu\metin2.bin |
"TCP Query User{8CDB58B3-8810-4109-BA9C-D9A51C7595F0}C:\users\vista\appdata\local\temp\rar$ex00.664\trazymt2\xtreamyt2.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.664\trazymt2\xtreamyt2.exe |
"TCP Query User{9220DFD3-2C7E-497D-88A7-469E2164512E}C:\users\vista\appdata\local\temp\rar$ex39.3859\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex39.3859\trazymt2\mc.exe |
"TCP Query User{9266FA24-DFD6-4C01-AD5C-D09B145E3389}C:\users\vista\appdata\local\temp\rar$ex02.652\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex02.652\trazymt2\mc.exe |
"TCP Query User{9493BCB8-C9BF-412E-8295-F2661859E66A}C:\users\vista\appdata\local\temp\rar$ex01.796\trazymt2\xtreamyt2.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.796\trazymt2\xtreamyt2.exe |
"TCP Query User{99F30FD5-ACA5-4F50-AF12-60BBFE35B3EB}C:\users\vista\appdata\local\temp\rar$ex01.658\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.658\trazymt2\mc.exe |
"TCP Query User{B27FF86D-5018-49BE-BF87-FE91EA42EECA}C:\users\vista\appdata\local\temp\rar$ex02.642\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex02.642\trazymt2\mc.exe |
"TCP Query User{BC53EF61-DDE7-4697-89C9-690780DC72AC}C:\users\vista\appdata\local\temp\rar$ex65.314\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex65.314\trazymt2\mc.exe |
"TCP Query User{BEE0922F-C78F-4D8D-9A07-83AEA1860F29}C:\users\vista\desktop\brunc\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\users\vista\desktop\brunc\metin2\metin2.bin |
"TCP Query User{C2100A5D-B17B-4D12-96E3-09EE63DE9DA0}C:\users\vista\appdata\local\temp\rar$ex41.5850\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex41.5850\trazymt2\mc.exe |
"TCP Query User{C23F442B-6B91-498F-B6D5-EF7365EC6F02}C:\users\vista\appdata\local\temp\rar$ex23.0224\trazymt2\xtreamyt2.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex23.0224\trazymt2\xtreamyt2.exe |
"TCP Query User{C2784E9E-3CB6-4BD8-95B8-762FAF15DDF5}C:\users\vista\appdata\local\temp\rar$ex11.6912\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex11.6912\trazymt2\mc.exe |
"TCP Query User{C97BCB9E-4D91-4CF9-835F-57B8A7B107ED}C:\users\vista\appdata\local\temp\rar$ex01.330\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.330\trazymt2\mc.exe |
"TCP Query User{CA543283-628D-4C8B-9826-F59FEA785542}C:\users\vista\appdata\local\temp\rar$ex00.441\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.441\trazymt2\mc.exe |
"TCP Query User{CCA421EF-71AA-4998-8A73-8123FAD511C6}C:\users\vista\appdata\local\temp\rar$ex11.5544\trazymt2\metin2.bin" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex11.5544\trazymt2\metin2.bin |
"TCP Query User{D0DFAFB2-0E69-46C8-8A3F-88DDD1C40415}C:\users\vista\appdata\local\virtualstore\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\virtualstore\program files\metin2\metin2.bin |
"TCP Query User{D5C64A70-B189-4020-9F67-DE8583EC46B9}C:\users\vista\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\vista\downloads\utorrent.exe |
"TCP Query User{D880A404-80D8-4729-BEDF-D1BF81D8F599}C:\users\vista\downloads\stuff\utorrent.exe" = protocol=6 | dir=in | app=c:\users\vista\downloads\stuff\utorrent.exe |
"TCP Query User{DADAADA6-E144-49DF-A6BB-C18A18B90060}C:\users\vista\appdata\local\temp\rar$ex01.793\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.793\trazymt2\mc.exe |
"TCP Query User{E7AE6D7D-A4AD-45F7-BA38-16AA841EA59B}C:\users\vista\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{E8B97373-0BA6-41C4-A598-7A80D5E2A2C0}C:\users\vista\appdata\local\temp\rar$ex77.8477\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex77.8477\trazymt2\mc.exe |
"TCP Query User{EBD15192-2E75-4BE1-8009-7F571CC2AC16}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{EFC5EA4B-395E-41EB-8BDB-E7AE00713B7E}C:\users\vista\appdata\local\temp\rar$ex00.290\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.290\trazymt2\mc.exe |
"TCP Query User{F0D87D2D-DD06-4E31-9D43-88ABDB2E154B}C:\users\vista\appdata\local\temp\rar$ex01.011\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.011\trazymt2\mc.exe |
"TCP Query User{F70F23B3-CF64-49C3-BFB2-4EAA48848124}C:\users\vista\appdata\local\temp\rar$ex08.344\trazymt2\mc.exe" = protocol=6 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex08.344\trazymt2\mc.exe |
"UDP Query User{0FFAF9CC-526E-44BD-A5EC-8C4B08CAC93A}C:\users\vista\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{12740A7A-5975-4AB4-8740-BA55E4AFDE54}C:\users\vista\appdata\local\temp\rar$ex02.159\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex02.159\trazymt2\mc.exe |
"UDP Query User{12B213FD-BD60-485B-B289-04EC996F121C}C:\users\vista\appdata\local\temp\rar$ex00.954\trazymt2\xtreamyt2.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.954\trazymt2\xtreamyt2.exe |
"UDP Query User{13A46766-D793-4BB9-8EDF-096DECD4E9F0}C:\users\vista\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\vista\program files\dna\btdna.exe |
"UDP Query User{14FD7394-432A-47F1-AB20-2EB7CCB09A71}C:\users\vista\appdata\local\temp\rar$ex00.894\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.894\trazymt2\mc.exe |
"UDP Query User{1930C923-7896-4CA3-8F37-9797F6C128CD}C:\users\vista\appdata\local\temp\rar$ex29.0593\trazymt2\xtreamyt2.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex29.0593\trazymt2\xtreamyt2.exe |
"UDP Query User{23A21AFC-C0C7-4C6D-8D5B-8D5E16A5F160}C:\users\vista\desktop\brunc\metin2 neu\metin2.bin" = protocol=17 | dir=in | app=c:\users\vista\desktop\brunc\metin2 neu\metin2.bin |
"UDP Query User{256367A7-F89E-446D-895C-984D587E9882}C:\users\vista\appdata\local\temp\rar$ex01.799\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.799\trazymt2\mc.exe |
"UDP Query User{2CD5C052-94E0-4363-8641-FC993081EC8F}C:\users\vista\desktop\brunc\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\users\vista\desktop\brunc\metin2\metin2.bin |
"UDP Query User{3527115C-AE1B-4FF1-BDA0-E413A1A55DA9}C:\users\vista\appdata\local\temp\rar$ex08.344\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex08.344\trazymt2\mc.exe |
"UDP Query User{3543F375-238C-473A-B0A5-819F1C360279}C:\users\vista\appdata\local\temp\rar$ex79.217\trazymt2\metin2.bin" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex79.217\trazymt2\metin2.bin |
"UDP Query User{374C9954-E1FC-4CA4-BB1B-42E1FE5F292F}C:\users\vista\appdata\local\temp\rar$ex73.979\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex73.979\trazymt2\mc.exe |
"UDP Query User{385C29BE-0DAF-479F-A223-931887C2945E}C:\users\vista\appdata\local\temp\rar$ex02.652\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex02.652\trazymt2\mc.exe |
"UDP Query User{38633461-BA7F-43AD-BDA1-28A7B5D12F51}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3CB67EB5-18DA-4893-A289-E6524F3F82F0}C:\users\vista\appdata\local\temp\rar$ex32.322\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex32.322\trazymt2\mc.exe |
"UDP Query User{3EFDBF01-796D-48BD-BCFB-66F625A05050}C:\users\vista\appdata\local\temp\rar$ex01.793\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.793\trazymt2\mc.exe |
"UDP Query User{4071180C-EDC2-4E6B-ABED-ECBC8FB5AA67}C:\users\vista\appdata\local\temp\rar$ex00.469\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.469\trazymt2\mc.exe |
"UDP Query User{4632CF42-42EC-4BAD-9E06-7A802D877B13}C:\users\vista\appdata\local\temp\rar$ex41.5850\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex41.5850\trazymt2\mc.exe |
"UDP Query User{46816E68-7EC8-4DD3-8F84-E90C42D60B4E}C:\users\vista\appdata\local\temp\rar$ex00.112\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.112\trazymt2\mc.exe |
"UDP Query User{46E64969-6F94-4009-A881-A795003A8275}C:\users\vista\appdata\local\temp\rar$ex00.664\trazymt2\xtreamyt2.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.664\trazymt2\xtreamyt2.exe |
"UDP Query User{4D5DB1F1-96D1-406A-853A-4EC700BA21AE}C:\users\vista\appdata\local\temp\rar$ex01.330\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.330\trazymt2\mc.exe |
"UDP Query User{583F1BD9-14E2-420B-BAD3-018A8A111006}C:\users\vista\appdata\local\virtualstore\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\virtualstore\program files\metin2\metin2.bin |
"UDP Query User{5B8FF19B-1FC2-4DAD-8C07-E2FB9ED55C13}C:\users\vista\appdata\local\temp\rar$ex00.037\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.037\trazymt2\mc.exe |
"UDP Query User{5EB8A436-5546-4237-AECE-83F011F470F5}C:\users\vista\appdata\local\temp\rar$ex81.7271\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex81.7271\trazymt2\mc.exe |
"UDP Query User{61155CAA-A78C-4D3D-983B-409D41F44E06}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{636239B8-A8CD-4568-990B-8902A52D7AF6}C:\users\vista\desktop\brunc\metin2 neu\metin2client.bin" = protocol=17 | dir=in | app=c:\users\vista\desktop\brunc\metin2 neu\metin2client.bin |
"UDP Query User{6387A4A3-9DD6-4B10-9A26-E7213770E49F}C:\users\vista\appdata\local\temp\rar$ex00.769\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.769\trazymt2\mc.exe |
"UDP Query User{69B63B90-67E6-4C92-8FEF-17C6E18195C5}C:\users\vista\appdata\local\temp\rar$ex01.744\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.744\trazymt2\mc.exe |
"UDP Query User{6B048951-894A-4CEA-99E1-15AB39289ED5}C:\users\vista\appdata\local\temp\rar$ex01.658\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.658\trazymt2\mc.exe |
"UDP Query User{71166725-76A1-4636-8A32-A424C4E59B55}C:\users\vista\appdata\local\temp\rar$ex09.236\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex09.236\trazymt2\mc.exe |
"UDP Query User{72A07494-64A3-433D-BA45-645C88B12B2D}C:\users\vista\appdata\local\temp\rar$ex39.3859\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex39.3859\trazymt2\mc.exe |
"UDP Query User{74262FF9-C509-4DAA-9238-0F298507578D}C:\users\vista\desktop\brunc\metin2 neu\metin2client.bin" = protocol=17 | dir=in | app=c:\users\vista\desktop\brunc\metin2 neu\metin2client.bin |
"UDP Query User{78B06D44-49C9-46C2-A53A-1981C2E40837}C:\users\vista\appdata\local\temp\rar$ex02.642\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex02.642\trazymt2\mc.exe |
"UDP Query User{8048C954-D363-45CC-9EBA-63F200F5F9C1}C:\users\vista\appdata\local\temp\rar$ex01.597\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.597\trazymt2\mc.exe |
"UDP Query User{87D2E253-88E4-42EF-A12D-1C3FD4DA7E8D}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{89F5F21D-7D5B-4F7C-AEA9-4C05830F9BF5}C:\users\vista\appdata\local\temp\rar$ex23.0224\trazymt2\xtreamyt2.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex23.0224\trazymt2\xtreamyt2.exe |
"UDP Query User{8B0F8045-59C9-45BE-BE1D-A4F4FA45B1C8}C:\users\vista\appdata\local\temp\rar$ex05.317\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex05.317\trazymt2\mc.exe |
"UDP Query User{940DCCE9-619F-4DE5-B8EB-C4DC119044A3}C:\users\vista\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\vista\downloads\utorrent.exe |
"UDP Query User{95A3A9FF-08E6-40C9-9BF4-DC4FEFB62952}C:\users\vista\appdata\local\temp\rar$ex01.100\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.100\trazymt2\mc.exe |
"UDP Query User{9BABC97E-E4C7-4D57-936F-221D75AD13FA}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{9BFC6C4B-392A-42DA-8BF9-FB7DDEF2CDA4}C:\users\vista\appdata\local\temp\rar$ex01.011\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.011\trazymt2\mc.exe |
"UDP Query User{A55906ED-3A8E-498A-BC64-4CFFE68F012F}C:\users\vista\appdata\local\temp\rar$ex17.0247\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex17.0247\trazymt2\mc.exe |
"UDP Query User{AC8B3C83-6A04-4F08-A267-496CC587A476}C:\users\vista\appdata\local\temp\rar$ex38.9758\trazymt2\xtreamyt2.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex38.9758\trazymt2\xtreamyt2.exe |
"UDP Query User{AFA36FA8-CAC8-4E30-ACC5-F9BE8811DE19}C:\users\vista\appdata\local\temp\rar$ex11.6912\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex11.6912\trazymt2\mc.exe |
"UDP Query User{B1D67716-0F54-47D3-9674-292E42BA6612}C:\users\vista\appdata\local\temp\rar$ex00.290\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.290\trazymt2\mc.exe |
"UDP Query User{B48CB699-E3A8-49A8-B605-7AEAE948DAB2}C:\users\vista\appdata\local\temp\rar$ex00.583\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.583\trazymt2\mc.exe |
"UDP Query User{BBE3044A-B36F-46AA-8F25-0091AD628C15}C:\users\vista\appdata\local\temp\rar$ex00.441\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.441\trazymt2\mc.exe |
"UDP Query User{BD102846-7209-40EE-8977-D66F1342EFA7}C:\users\vista\desktop\brunc\metin2 neu\metin2.bin" = protocol=17 | dir=in | app=c:\users\vista\desktop\brunc\metin2 neu\metin2.bin |
"UDP Query User{BF27A927-952B-4712-9AAB-BE63F88160D5}C:\users\vista\appdata\local\temp\rar$ex77.8477\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex77.8477\trazymt2\mc.exe |
"UDP Query User{BF4CB2F1-F9CD-4DD0-93C7-5F7B92084F6E}C:\users\vista\downloads\stuff\utorrent.exe" = protocol=17 | dir=in | app=c:\users\vista\downloads\stuff\utorrent.exe |
"UDP Query User{C08420C6-61BD-40E7-9EE1-0CF8A50E1A1B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{C3515A2A-85A7-4782-8432-9B55C6DF2216}C:\users\vista\desktop\brunc\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\users\vista\desktop\brunc\xfire\xfire.exe |
"UDP Query User{C578E7F1-9669-40D5-9AC7-6F2603216F6F}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{C9846411-7A03-4566-9603-54BDF43F1405}C:\users\vista\downloads\stuff\utorrent.exe" = protocol=17 | dir=in | app=c:\users\vista\downloads\stuff\utorrent.exe |
"UDP Query User{CA93222E-58A6-4648-B7BE-F7A137F656DD}C:\users\vista\appdata\local\temp\rar$ex65.314\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex65.314\trazymt2\mc.exe |
"UDP Query User{CB4F5ACB-8ECF-4F77-8715-DDC0A016EE73}C:\users\vista\desktop\pserver\hmachi\hamachi.exe" = protocol=17 | dir=in | app=c:\users\vista\desktop\pserver\hmachi\hamachi.exe |
"UDP Query User{CC3CE1A3-0E76-47CB-AEC9-89DA2F8C209B}C:\users\vista\appdata\local\temp\rar$ex00.646\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.646\trazymt2\mc.exe |
"UDP Query User{D68B5D0C-523F-4FD4-8157-CFFA3F3AA4DF}C:\users\vista\appdata\local\temp\rar$ex01.123\trazymt2\metin2.bin" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.123\trazymt2\metin2.bin |
"UDP Query User{DA089190-1643-4A36-AAC8-2C16D8FB0E2C}C:\users\vista\appdata\local\temp\rar$ex00.802\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.802\trazymt2\mc.exe |
"UDP Query User{DC50118E-FFBD-4F16-B176-819C7D2A3C7E}C:\users\vista\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\vista\program files\dna\btdna.exe |
"UDP Query User{E9EC1E68-17AE-4EB9-9838-17879998E6E0}C:\users\vista\appdata\local\temp\rar$ex00.954\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex00.954\trazymt2\mc.exe |
"UDP Query User{F3E8EC0B-61CD-4CC2-9FF0-C75B8500B010}C:\users\vista\appdata\local\temp\rar$ex01.796\trazymt2\xtreamyt2.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex01.796\trazymt2\xtreamyt2.exe |
"UDP Query User{F487ADDC-CFB8-4618-B968-193111D055EE}C:\users\vista\appdata\local\temp\rar$ex11.5544\trazymt2\metin2.bin" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex11.5544\trazymt2\metin2.bin |
"UDP Query User{F929CF76-C942-498D-8382-201027B3BCDF}C:\users\vista\appdata\local\temp\rar$ex46.730\trazymt2\mc.exe" = protocol=17 | dir=in | app=c:\users\vista\appdata\local\temp\rar$ex46.730\trazymt2\mc.exe |
"UDP Query User{FBA3FB21-12FA-4021-BBC0-16FE8CB5BDA2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4D905890-5435-49D8-B33B-37243F35ADAB}" = PhoTransEdit
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71E64F5D-8CC1-4627-A3F0-41815AB79B95}" = Google SketchUp Pro 7
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"3GP Video Converter 3" = 3GP Video Converter 3
"4528-3220-6381-2600" = BalTax 2009 5.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Ask Toolbar
"AutoItv3" = AutoIt v3.3.6.1
"Browser Defender_is1" = Browser Defender 3.0
"Canon Advanced Printing Technology" = Canon CAPT-Drucker
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cleaning Suite_is1" = Cleaning Suite v1.3
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"ftp-uploader" = ftp-uploader
"Game Cam" = Game Cam 2.4.0.46
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"LogMeIn Hamachi" = LogMeIn Hamachi
"M2Bar Toolbar" = M2Bar Toolbar
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Switzerland-_DE Toolbar" = Messenger Plus Live Switzerland- DE Toolbar
"Metin2_is1" = Metin2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NAV" = Norton AntiVirus
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"RouterControl" = RouterControl 2.0
"Scorched3D" = Scorched3D 42.1
"Search Guard Plus" = Search Guard Plus (My Web Tattoo)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Security Task Manager" = Security Task Manager 1.8c
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Speccy" = Speccy
"TeamViewer 5" = TeamViewer 5
"Tor" = Tor 0.2.1.26
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Vidalia" = Vidalia 0.2.10
"VirusTotalUploader" = VirusTotal Uploader
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1056924294-3821404161-2646637732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.11.2010 15:00:48 | Computer Name = vista-PC | Source = Application Hang | ID = 1002
Description = Programm WarRock.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: f70  Anfangszeit: 01cb8d9be6caacb5  Zeitpunkt der Beendigung:
 342
 
Error - 26.11.2010 15:19:37 | Computer Name = vista-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2010 15:19:37 | Computer Name = vista-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2010 15:19:38 | Computer Name = vista-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2010 15:19:38 | Computer Name = vista-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2010 15:19:38 | Computer Name = vista-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2010 15:19:38 | Computer Name = vista-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 26.11.2010 15:43:52 | Computer Name = vista-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WarRock.exe, Version 0.0.0.0, Zeitstempel 0x4cd91fd2,
 fehlerhaftes Modul WarRock.exe, Version 0.0.0.0, Zeitstempel 0x4cd91fd2, Ausnahmecode
 0xc0000005, Fehleroffset 0x00165433,  Prozess-ID 0x224, Anwendungsstartzeit 01cb8d9cd0b64f87.
 
Error - 26.11.2010 16:10:48 | Computer Name = vista-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.17.3 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 158c  Anfangszeit: 01cb8da5c4b09324  Zeitpunkt der Beendigung:
 17
 
Error - 26.11.2010 16:15:00 | Computer Name = vista-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.17.3 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 179c  Anfangszeit: 01cb8da5ffd5458a  Zeitpunkt der Beendigung:
 35
 
[ Media Center Events ]
Error - 20.10.2010 10:05:06 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/20/2010 16:05:06
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 20.10.2010 10:05:07 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/20/2010 16:05:07
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 21.10.2010 13:31:09 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/21/2010 19:31:08
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 22.10.2010 07:00:51 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/22/2010 13:00:51
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 22.10.2010 07:00:53 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 10/22/2010 13:00:53
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 11.11.2010 15:59:57 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/11/2010 20:59:57
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.11.2010 11:02:01 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/17/2010 16:02:00
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.11.2010 11:02:01 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/17/2010 16:02:01
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 19.11.2010 13:41:18 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/19/2010 18:41:18
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 19.11.2010 13:41:20 | Computer Name = vista-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/19/2010 18:41:20
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
[ System Events ]
Error - 25.11.2010 03:08:51 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 25.11.2010 07:21:45 | Computer Name = vista-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon LBP-810 nicht unter dem
Namen Canon LBP-810 freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
 
Error - 25.11.2010 07:22:27 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 25.11.2010 16:24:54 | Computer Name = vista-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon LBP-810 nicht unter dem
Namen Canon LBP-810 freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
 
Error - 25.11.2010 16:25:54 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 26.11.2010 13:15:41 | Computer Name = vista-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon LBP-810 nicht unter dem
Namen Canon LBP-810 freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
 
Error - 26.11.2010 13:16:42 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 26.11.2010 14:53:02 | Computer Name = vista-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon LBP-810 nicht unter dem
Namen Canon LBP-810 freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
 
Error - 26.11.2010 14:54:12 | Computer Name = vista-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 26.11.2010 15:45:42 | Computer Name = vista-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.0.0.28 für die Netzwerkkarte mit der Netzwerkadresse
 0019DB5A333E wurde durch den DHCP-Server 10.0.0.1 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
 
< End of report >

--- --- ---

markusg 27.11.2010 12:02

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Crohero 27.11.2010 13:59

Here you go^^
Hopefully you'll find something :)


ComboFix log file:
Code:

ComboFix 10-11-26.07 - vista 27.11.2010  13:40:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.41.1031.18.2046.852 [GMT 1:00]
ausgeführt von:: c:\users\vista\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\ClearRecycleBin.exe
c:\program files\Fast Browser Search\error.html
c:\program files\Fast Browser Search\fbsProtection.xml
c:\program files\Fast Browser Search\FbsSearchProvider.xml
c:\program files\Fast Browser Search\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\FBStoolbar.dll
c:\program files\Fast Browser Search\fbstoolbar.jar
c:\program files\Fast Browser Search\fbstoolbar.manifest
c:\program files\Fast Browser Search\icons.bmp
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FBStoolbar.exe
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Fast Browser Search\ie3sh.exe
c:\program files\Fast Browser Search\info.txt
c:\program files\Fast Browser Search\local.xml
c:\program files\Fast Browser Search\logobg.bmp
c:\program files\Fast Browser Search\MTWB3SH.dll
c:\program files\Fast Browser Search\MTWBtoolbar.html
c:\program files\Fast Browser Search\search.bmp
c:\program files\Fast Browser Search\search_br.bmp
c:\program files\Fast Browser Search\search_de.bmp
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtectionI.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\users\vista\AppData\Roaming\Autorun.vbs
c:\users\vista\AppData\Roaming\Bilder
c:\users\vista\AppData\Roaming\logs.dat
c:\users\vista\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\vista\AppData\Roaming\svchost.bat
c:\users\vista\AppData\Roaming\Sysutils_Update
c:\users\vista\LBP-810_R110_DE.exe
c:\windows\system32\midas.dll
c:\windows\system32\spool\prtprocs\w32x86\CNMPPA0.DLL
c:\windows\system32\system32

.
(((((((((((((((((((((((  Dateien erstellt von 2010-10-27 bis 2010-11-27  ))))))))))))))))))))))))))))))
.

2010-11-26 18:35 . 2010-11-26 18:36        --------        d-----w-        c:\users\vista\AppData\Local\GamersFirst LIVE!
2010-11-26 17:58 . 2010-11-26 17:58        --------        d-----w-        c:\programdata\WindowsSearch
2010-11-24 20:29 . 2010-11-01 23:03        1448448        ----a-w-        c:\windows\system32\inetcpl.cpl
2010-11-24 20:29 . 2010-11-01 22:59        2381824        ----a-w-        c:\windows\system32\mshtml.tlb
2010-11-23 17:05 . 2010-11-23 17:08        --------        d-----w-        c:\programdata\SecTaskMan
2010-11-23 17:05 . 2010-11-23 17:05        --------        d-----w-        c:\program files\Security Task Manager
2010-11-21 13:18 . 2010-08-30 12:57        767952        ----a-w-        c:\windows\BDTSupport.dll
2010-11-21 13:18 . 2010-08-23 08:36        149456        ----a-w-        c:\windows\SGDetectionTool.dll
2010-11-21 13:18 . 2010-09-02 14:00        739280        ----a-w-        c:\windows\PCTBDRes.dll
2010-11-21 13:18 . 2010-09-02 14:00        1865680        ----a-w-        c:\windows\PCTBDCore.dll
2010-11-21 13:12 . 2010-11-23 19:21        --------        d-----w-        c:\program files\PC Tools Security
2010-11-18 11:25 . 2010-11-18 11:25        --------        d-----w-        c:\windows\Sun
2010-11-10 17:15 . 2010-10-07 11:37        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2010-11-07 10:11 . 2010-11-07 10:11        --------        d-----w-        c:\programdata\Messenger Plus!
2010-11-07 10:10 . 2010-11-07 10:10        --------        d-----w-        c:\program files\Messenger_Plus_Live_Switzerland-_DE
2010-11-07 10:10 . 2010-11-07 10:10        --------        d-----w-        c:\program files\Messenger Plus! Live
2010-11-05 20:11 . 2010-10-08 09:06        21312        ----a-w-        c:\windows\system32\authuitu.dll
2010-11-05 20:11 . 2010-10-08 09:06        30016        ----a-w-        c:\windows\system32\uxtuneup.dll
2010-11-05 20:08 . 2010-10-08 09:10        32064        ----a-w-        c:\windows\system32\TURegOpt.exe
2010-11-05 20:07 . 2010-11-05 20:20        --------        d-----w-        c:\users\vista\AppData\Roaming\TuneUp Software
2010-11-05 20:06 . 2010-11-05 20:11        --------        d-----w-        c:\program files\TuneUp Utilities 2011
2010-11-05 20:05 . 2010-11-05 20:12        --------        d-----w-        c:\programdata\TuneUp Software
2010-11-05 20:05 . 2010-11-05 20:05        --------        d-sh--w-        c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-05 19:57 . 2010-11-05 20:00        188896        ----a-w-        c:\programdata\Microsoft\VCSExpress\10.0\1031\ResourceCache.dll
2010-11-05 19:54 . 2010-11-05 20:00        --------        d-----w-        c:\program files\Microsoft Visual Studio 10.0
2010-11-05 19:54 . 2010-11-05 19:54        --------        d-----w-        c:\program files\Microsoft Help Viewer
2010-11-02 18:11 . 2010-11-02 18:11        --------        d-----w-        C:\ATLAS
2010-11-02 18:11 . 2010-11-02 18:11        --------        d-----w-        c:\windows\ASYM

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-17 18:47 . 2010-10-17 18:47        1894664        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-15 02:50 . 2010-05-15 15:36        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-14 10:56        8147456        ----a-w-        c:\windows\system32\wmploc.DLL
2010-09-06 16:20 . 2010-10-14 10:56        125952        ----a-w-        c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 10:56        17920        ----a-w-        c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 10:56        304128        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 10:56        145408        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 10:56        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2010-08-31 22:46 . 2010-09-17 12:25        1355264        ----a-w-        c:\windows\system32\jscript9.dll
2010-08-31 22:44 . 2010-09-17 12:25        367104        ----a-w-        c:\windows\system32\html.iec
2010-08-31 22:44 . 2010-09-17 12:25        1122304        ----a-w-        c:\windows\system32\wininet.dll
2010-08-31 22:44 . 2010-09-17 12:25        424960        ----a-w-        c:\windows\system32\vbscript.dll
2010-08-31 22:43 . 2010-09-17 12:25        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2010-08-31 22:43 . 2010-09-17 12:25        72704        ----a-w-        c:\windows\system32\SetDepNx.exe
2010-08-31 22:43 . 2010-09-17 12:25        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-08-31 22:43 . 2010-09-17 12:25        114176        ----a-w-        c:\windows\system32\iesysprep.dll
2010-08-31 22:43 . 2010-09-17 12:25        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2010-08-31 22:43 . 2010-09-17 12:25        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2010-08-31 22:42 . 2010-09-17 12:25        51200        ----a-w-        c:\windows\system32\admparse.dll
2010-08-31 22:42 . 2010-09-17 12:25        75264        ----a-w-        c:\windows\system32\iesetup.dll
2010-08-31 22:42 . 2010-09-17 12:25        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2010-08-31 22:42 . 2010-09-17 12:25        150016        ----a-w-        c:\windows\system32\iexpress.exe
2010-08-31 22:42 . 2010-09-17 12:25        149504        ----a-w-        c:\windows\system32\wextract.exe
2010-08-31 22:42 . 2010-09-17 12:25        33280        ----a-w-        c:\windows\system32\imgutil.dll
2010-08-31 22:42 . 2010-09-17 12:25        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2010-08-31 22:42 . 2010-09-17 12:25        11264        ----a-w-        c:\windows\system32\mshta.exe
2010-08-31 22:42 . 2010-09-17 12:25        63488        ----a-w-        c:\windows\system32\tdc.ocx
2010-08-31 22:41 . 2010-09-17 12:25        160768        ----a-w-        c:\windows\system32\msls31.dll
2010-08-31 15:46 . 2010-10-14 10:56        954752        ----a-w-        c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 10:56        954288        ----a-w-        c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 10:56        531968        ----a-w-        c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 10:56        2038272        ----a-w-        c:\windows\system32\win32k.sys
2006-02-12 04:51        1169736        --sha-r-        c:\windows\System32\install\driver32.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof0.dll" [2010-10-16 2735200]
"{0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}"= "c:\program files\M2Bar\tbM2Ba.dll" [2010-09-12 3863136]
"{18c2d815-3a16-4493-9004-77949214a70e}"= "c:\program files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_CLASSES_ROOT\clsid\{0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}]

[HKEY_CLASSES_ROOT\clsid\{18c2d815-3a16-4493-9004-77949214a70e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}]
2010-09-12 13:02        3863136        ----a-w-        c:\program files\M2Bar\tbM2Ba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18c2d815-3a16-4493-9004-77949214a70e}]
2010-06-13 18:10        2734688        ----a-w-        c:\program files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32        279944        ----a-w-        c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2010-10-16 09:09        2735200        ----a-w-        c:\program files\Softonic_Deutsch\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof0.dll" [2010-10-16 2735200]
"{0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}"= "c:\program files\M2Bar\tbM2Ba.dll" [2010-09-12 3863136]
"{18c2d815-3a16-4493-9004-77949214a70e}"= "c:\program files\Messenger_Plus_Live_Switzerland-_DE\tbMess.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_CLASSES_ROOT\clsid\{0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}]

[HKEY_CLASSES_ROOT\clsid\{18c2d815-3a16-4493-9004-77949214a70e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSof0.dll" [2010-10-16 2735200]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2010-09-02 108496]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP-810-Statusfenster.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAPPSWK.EXE [2007-3-23 121488]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2010-10-8 2845552]
Logitech SetPoint.lnk - c:\users\vista\Desktop\brunc\Tastatur\SetPoint\SetPoint.exe [2009-11-7 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f19f74fc5003;Google Update Service (gupdate1c9f19f74fc5003);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 133104]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
R3 cpuz130;cpuz130;c:\users\vista\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 esihdrv;esihdrv;c:\users\vista\AppData\Local\Temp\esihdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [2009-08-17 99176]
R3 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-10 64160]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1108000.005\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101124.002\IDSvix86.sys [2010-10-19 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2010-09-02 235472]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 RapidPort;RapidPort;c:\windows\system32\Drivers\CAPLPTN.SYS [2001-02-14 22912]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-08 1483072]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-02-08 299093]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-02-08 127059]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-07 102448]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-08-19 10064]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-09-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-09-10 07:39]

2010-11-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-27 12:12]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 12:14]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 12:14]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1056924294-3821404161-2646637732-1001Core.job
- c:\users\vista\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-24 11:03]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1056924294-3821404161-2646637732-1001UA.job
- c:\users\vista\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-24 11:03]

2010-11-16 c:\windows\Tasks\Norton Security Scan for vista.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-04 16:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
FF - ProfilePath - c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - prefs.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=UU7tZVGu&q=
FF - component: c:\program files\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - component: c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\extensions\{18c2d815-3a16-4493-9004-77949214a70e}\components\FFExternalAlert.dll
FF - component: c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\extensions\{18c2d815-3a16-4493-9004-77949214a70e}\components\RadioWMPCore.dll
FF - component: c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components\FFExternalAlert.dll
FF - component: c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\vista\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\vista\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Softonic Deutsch Toolbar: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
FF - Extension: Messenger Plus Live Switzerland- DE Toolbar: {18c2d815-3a16-4493-9004-77949214a70e} - c:\users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\i89abi7o.default\extensions\{18c2d815-3a16-4493-9004-77949214a70e}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox

---- FIREFOX Richtlinien ----
FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=nMBAvf7L&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-27 13:53
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,ae,56,90,af,fa,6e,45,a8,da,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,ae,56,90,af,fa,6e,45,a8,da,1b,\

[HKEY_USERS\S-1-5-21-1056924294-3821404161-2646637732-1001\Software\SecuROM\License information*]
"datasecu"=hex:ac,7a,98,f9,17,fe,d5,66,c7,38,60,e3,5f,cf,1a,83,4a,c3,f9,6c,e2,
  7f,ec,5e,95,18,ba,4e,f9,f8,85,65,af,0f,fa,52,51,7a,2e,1e,b5,95,57,cd,d9,1d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-11-27  13:57:52
ComboFix-quarantined-files.txt  2010-11-27 12:57

Vor Suchlauf: 11 Verzeichnis(se), 159'729'557'504 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 159'857'975'296 Bytes frei

- - End Of File - - D58766ED0D0100E5F73701AAEE280B4C

--- --- ---

markusg 27.11.2010 15:38

I still need to check something.
Open My Computer, C:, Qoobox.
There, right-click the Quarantine folder, pack it with WinRAR or zip, then upload it.
File upload:
http://www.trojaner-board.de/54791-a...ner-board.html

Crohero 27.11.2010 15:53

I have WinRAR^^ I use it exclusively for unpacking, but I don't know how to pack a file^^

markusg 27.11.2010 16:03

Right-click and then "Add to (folder name).rar"

Crohero 27.11.2010 16:07

No WinRAR icons show up on right-click; I know there used to be some^^

Crohero 27.11.2010 16:12

Got it done ^^ but the upload is taking a long time^^

markusg 27.11.2010 16:12

Install 7-Zip
http://filepony.de/download-7-zip/
Then right-click, and there is a 7-Zip menu; expand it, pack.

Crohero 27.11.2010 16:15

It worked, this message came up:
Datei: Quarantine.rar empfangen

Vorgang erfolgreich abgeschlossen.

But where can it be found now? I used the URL of this thread^^
Did I do it right?

markusg 27.11.2010 16:18

You did.
Download Malwarebytes:
Malwarebytes
Install it, open it, go to the Update tab, update the program.
Shut down all running programs and disconnect the internet connection.
Scanner tab, full scan, remove what is found, post the log.

Crohero 27.11.2010 16:20

Do you think I still have viruses?
And what do you mean by disconnecting the internet?
Couldn't I run the scan in safe mode, for example, or something?

markusg 27.11.2010 16:24

Just turn off the Wi-Fi or unplug the network cable, and no, scan in normal mode.

Crohero 27.11.2010 18:44

Whoa^^ Malwarebytes has been scanning for 2.5 hours already^^
Well, 10 infected objects^^

markusg 27.11.2010 18:47

And are you on the internet with the PC? If so, what did I write?

Crohero 27.11.2010 18:49

I'm on the laptop^^

Crohero 27.11.2010 19:06

Finally done^^
The PC was restarted etc. Here's the log!


Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5199

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

27.11.2010 18:58:29
mbam-log-2010-11-27 (18-58-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 367143
Laufzeit: 2 Stunde(n), 27 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\LEO0WTUNO7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\ranger.exe (Worm.Rebhip) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\SearchGuardPlus.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\update.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Search Guard Plus\SearchGuardPlus.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\vista\AppData\Roaming\Svchost.bat.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\vista\Desktop\Neuer Ordner\Quarantine\C\Program Files\Fast Browser Search\IE\SearchGuardPlus.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Users\vista\Desktop\Neuer Ordner\Quarantine\C\Program Files\Fast Browser Search\IE\update.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Users\vista\Desktop\Neuer Ordner\Quarantine\C\Program Files\Search Guard Plus\SearchGuardPlus.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Users\vista\Desktop\Neuer Ordner\Quarantine\C\Users\vista\AppData\Roaming\Svchost.bat.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\vista\Desktop\brunc\hack\M2 MultiversionHack by banjo1 v3.91.exe (Trojan.Swizyn) -> Quarantined and deleted successfully.

markusg 27.11.2010 19:15

How is the PC running now?
Download CCleaner Slim:
Piriform - Builds
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "necessary".
After each one you don't need, "unnecessary".
After ones unknown to you, "unknown".
Post the list.

Crohero 27.11.2010 19:20

A bit unclear^^ I've had CC for a long time^^ I use it daily^^ So you want me to delete all the programs I don't need?

Crohero 27.11.2010 19:21

So yes, the PC is running well!
THANK YOU VERY MUCH!

markusg 27.11.2010 19:21

No, it says so right there: you are supposed to create the list and edit it as described; for programs you want to keep, put "necessary" after them, for unknown ones "unknown", and so on.

Crohero 27.11.2010 19:28

3GP Video Converter 3 Xilisoft 13.05.2010 15.9MB 3.1.8.0720b
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 12.06.2009 13.5MB
Ad-Aware Lavasoft 30.12.2009 65.1MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 13.08.2010 10.1.82.76
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 03.09.2010 10.1.82.76
Adobe Reader 8.2.5 - Deutsch Adobe Systems Incorporated 08.10.2010 8.2.5
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 16.12.2009 11.5.2.602
Advanced Wheel Mouse 6.0.0.002 06.11.2009 0.46MB
Apple Application Support Apple Inc. 23.06.2010 42.8MB 1.3.0
Apple Mobile Device Support Apple Inc. 02.07.2010 19.9MB 3.1.0.62
Apple Software Update Apple Inc. 28.10.2009 2.16MB 2.1.1.116
Ask Toolbar Ask.com 13.06.2009 1.11MB 4.1.0.2
AutoIt v3.3.6.1 AutoIt Team 23.06.2010 28.9MB
BalTax 2009 5.0 Information Factory AG 06.03.2010 23.6MB
Bonjour Apple Inc. 02.07.2010 0.97MB 2.0.2.0
Browser Defender 3.0 Threat Expert Ltd. 20.11.2010 3.57MB 3.0.0.205
Canon CAPT-Drucker 16.07.2009
Canon Easy-WebPrint EX 12.10.2009 5.87MB
Canon MP Navigator EX 3.0 12.10.2009 72.3MB
Canon MP560 series Benutzerregistrierung 12.10.2009 1.09MB
Canon MP560 series MP Drivers 12.10.2009 333MB
Canon Utilities Easy-PhotoPrint EX 12.10.2009 222MB
Canon Utilities My Printer 12.10.2009 4.69MB
Canon Utilities Solution Menu 12.10.2009 3.05MB
CCleaner Piriform 26.11.2010 2.95MB 3.01
Cleaning Suite v1.3 ASCOMP Software GmbH 29.12.2009 5.59MB
Dev-C++ 5 beta 9 release (4.9.9.2) 08.12.2009
DNA BitTorrent Inc. 25.08.2010 0.41MB 2.2.4 (16502)
ESET Online Scanner v3 29.12.2009 79.2MB
Feedback Tool Microsoft Corporation 16.09.2010 2.28MB 1.1.0
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 25.02.2007 6.29MB 2.0.0.1
Free YouTube Downloader Converter 09.08.2009 9.68MB
ftp-uploader Firma Gregor Schommer Systemberatung, Raderthaler Str. 31, D-50968 Köln 22.10.2009 3.80MB 3.3.0.0
Futuremark SystemInfo Futuremark Corporation 05.11.2009 3.79MB 3.20.1.2
Game Cam 2.4.0.46 Planet Game Cam, Inc. 19.11.2009 1.94MB 2.4.0.46
GamersFirst LIVE! GamersFirst 25.11.2010 7.02MB
Google Chrome Google Inc. 21.10.2009 73.9MB 7.0.517.44
Google Earth Google 07.10.2010 85.4MB 5.2.1.1588
Google SketchUp Pro 7 Google, Inc. 11.11.2009 108.9MB 2.0.11067
Google Toolbar for Internet Explorer Google Inc. 20.10.2010 6.59MB 6.6.1015.36
Google Updater Google Inc. 19.06.2009 3.60MB 2.4.1601.7122
IrfanView (remove only) 20.04.2010 1.85MB
ISScript 08.02.2007
iTunes Apple Inc. 02.07.2010 160.8MB 9.2.0.61
Java(TM) 6 Update 22 Oracle 06.08.2010 94.9MB 6.0.220
LetsTrade Komponenten 12.06.2009 10.2MB
Logitech SetPoint Logitech 08.01.2010 18.0MB 4.80
LogMeIn Hamachi LogMeIn, Inc. 09.04.2010 2.93MB 2.0.2.85
M2Bar Toolbar M2Bar 22.09.2010 3.92MB 6.1.0.7
MakeDisc 12.06.2009 99.1MB 3.0.1408
Malwarebytes' Anti-Malware Malwarebytes Corporation 26.11.2010 3.90MB
MCE Software Encoder 1.1 CyberLink Corporation 12.06.2009 1.30MB 1.1.0.1108
MediaShow 3.0 12.06.2009 2.82MB
Mein Geld Professional Buhl Data Service GmbH 08.02.2007 137.3MB 8.00.0007
Messenger Plus Live Switzerland- DE Toolbar Messenger Plus Live Switzerland- DE 06.11.2010 2.82MB 5.7.2.2
Messenger Plus! Live Yuna Software 06.11.2010 12.6MB 4.90.0.392
Metin2 Gameforge 4D GmbH 13.12.2009 682MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 23.06.2009 37.0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 17.06.2009 27.8MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.05.2010 117.8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 13.05.2010 24.5MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 13.05.2010 38.0MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 13.05.2010 7.50MB 4.0.30319
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 04.11.2010 83.5MB 4.0.30319
Microsoft Help Viewer 1.0 Microsoft Corporation 04.11.2010 6.09MB 1.0.30319
Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 04.11.2010 6.09MB 1.0.30319
Microsoft Office Home and Student 2007 Microsoft Corporation 12.06.2009 301MB 12.0.6425.1000
Microsoft Office Live Add-in 1.5 Microsoft Corporation 25.05.2010 0.49MB 2.0.4024.1
Microsoft Office XP Professional Microsoft Corporation 10.11.2010 10.0.6626.0
Microsoft Silverlight Microsoft Corporation 08.10.2010 4.0.50917.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 12.10.2009 1.74MB 3.1.0000
Microsoft SQL Server 2008 Microsoft Corporation 09.12.2009 363MB
Microsoft SQL Server 2008 Browser Microsoft Corporation 15.09.2010 10.1.2531.0
Microsoft SQL Server 2008 Native Client Microsoft Corporation 15.09.2010 3.24MB 10.1.2531.0
Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 04.11.2010 17.1MB 10.50.1447.4
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) Microsoft Corporation 09.12.2009 9.10MB 3.5.5692.0
Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 04.11.2010 3.69MB 3.5.8080.0
Microsoft SQL Server System CLR Types Microsoft Corporation 04.11.2010 2.55MB 10.50.1447.4
Microsoft SQL Server VSS Writer Microsoft Corporation 15.09.2010 10.1.2531.0
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 12.10.2009 0.61MB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 12.10.2009 1.45MB 1.0.1215.0
Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU Microsoft Corporation 09.12.2009 164.1MB
Microsoft Visual C# 2010 Express - DEU Microsoft Corporation 04.11.2010 214MB 10.0.30319
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 06.08.2009 0.25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09.10.2010 0.33MB 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 06.08.2009 0.19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 18.06.2009 2.06MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 09.12.2009 0.58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.08.2010 0.57MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 04.11.2010 0.58MB 9.0.30729.4974
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 04.11.2010 35.4MB 10.0.30319
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu Microsoft Corporation 09.12.2009 5.74MB 3.5.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 Microsoft Corporation 09.12.2009 2.61MB 6.1.5295.17011
Microsoft Works Microsoft Corporation 09.12.2009 08.05.0822
MorphVOX Pro Screaming Bee 23.04.2010 15.4MB 4.3.4
Mozilla Firefox (3.6.12) Mozilla 29.10.2010 29.8MB 3.6.12 (de)
MSXML 4.0 SP2 (KB925672) Microsoft Corporation 09.02.2007 1.24MB 4.20.9839.0
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 09.02.2007 1.24MB 4.20.9841.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.06.2009 1.28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1.34MB 4.20.9876.0
Nero 7 Essentials Nero AG 08.02.2007 512MB 7.02.5182
Norton AntiVirus Symantec Corporation 06.08.2010 50.5MB 17.8.0.5
Norton Security Scan Symantec Corporation 03.06.2010 10.7MB 2.7.3.34
NVIDIA Display Control Panel NVIDIA Corporation 05.08.2010 148.0MB 6.14.12.5896
NVIDIA Drivers NVIDIA Corporation 05.08.2010 1.10.62.40
NVIDIA PhysX NVIDIA Corporation 05.08.2010 73.8MB 9.10.0224
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 05.08.2010 16.1MB 7.17.12.5896
OpenAL 27.11.2009 0.75MB
Paint.NET v3.5.4 dotPDN LLC 20.04.2010 9.50MB 3.54.0
Pando Media Booster Pando Networks Inc. 05.08.2010 6.70MB 2.3.3.6
Phase 5 HTML-Editor Systemberatung Schommer 22.10.2009 3.75MB 5.6.2
PhotoNow! 1.0 12.06.2009 1.57MB
PhoTransEdit <no manufacturer> 18.09.2009 15.2MB 1.4.0
Polipo 1.0.4.1 23.09.2010 0.36MB
PowerCinema Linux 5.0 12.06.2009 1.23MB
PowerDirector 12.06.2009 128.3MB
PowerDVD CyberLink Corporation 12.06.2009 91.7MB 7.0.2414.0
PowerProducer 12.06.2009 281MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 08.02.2007 11.0MB 6.0.1.5334
RouterControl 2.0 05.05.2010 7.25MB
Safari Apple Inc. 23.06.2010 41.1MB 5.33.16.0
Sceneo AbsolutTV 12.06.2009 4.23MB
Scorched3D 42.1 Scorched 12.02.2010 151.1MB 42.1
Security Task Manager 1.8c Neuber Software 22.11.2010 2.72MB 1.8c
SiSoftware Sandra Lite 2009.SP4 SiSoftware 29.12.2009 36.9MB 15.124.2009.9
Skype™ 4.2 Skype Technologies S.A. 09.10.2010 25.0MB 4.2.187
Softonic_Deutsch Toolbar 08.12.2009 2.44MB
Speccy Piriform 24.03.2010 2.99MB 1.00
System Requirements Lab Husdawg, LLC 05.03.2010 0.60MB 4.1.71.0
TeamViewer 5 TeamViewer GmbH 16.08.2010 20.3MB 5.0.8703
Tor 0.2.1.26 23.09.2010 3.30MB
TuneUp Utilities 2011 TuneUp Software 04.11.2010 63.4MB 10.0.1080.3
TV Enhance 12.06.2009 101.0MB 1.0.3808
Ulead PhotoImpact 12 Ulead System 12.06.2009 389MB 12.0
Uninstall 1.0.0.1 13.06.2009 6.26MB
Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 15.09.2010 30.0MB 10.1.2531.0
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 15.02.2007 1.22
Vidalia 0.2.10 23.09.2010 23.3MB
VirusTotal Uploader 14.05.2010 0.11MB
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 04.11.2010 11.2MB 4.0.8080.0
War Rock GamersFirst 25.11.2010 2'330MB
Windows Live Essentials Microsoft Corporation 12.10.2009 82.9MB 14.0.8089.0726
Windows Live ID-Anmelde-Assistent Microsoft Corporation 25.05.2010 4.69MB 6.500.3165.0
Windows Live OneCare safety scanner Microsoft Corporation 14.06.2009 26.4MB
Windows Live Sync Microsoft Corporation 12.10.2009 2.79MB 14.0.8089.726
Windows Live-Uploadtool Microsoft Corporation 12.06.2009 0.22MB 14.0.8014.1029
WinRAR 31.08.2009 3.81MB
X10 Hardware(TM) 12.06.2009 28.00KB

markusg 27.11.2010 19:38

You are supposed to write after each program whether it is needed, unnecessary, or unknown!!

Crohero 27.11.2010 19:43

I meant to xD, I just accidentally clicked "reply" before I had started...
I'll do that tomorrow, I'm going out now, thanks for the help so far!


All times are WET +1.
